Managing Your Law Practice In the Cloud: Security and Ethical Considerations

Making the decision to manage your practice and migrate your case files and documents to the cloud is not an easy one. There are many factors to consider, the most important of which are security and ethical compliance.

Because law firms are legally obligated to maintain the confidentiality of their client’s information, many are worried that using a cloud-based system to manage their files could potentially lead to accidental exposure or a loss of data. While there is no way to mitigate all the possible risks, careful consideration of the ethics and security issues can help manage expectations and arrive at the right choice.

Ethical considerations

The good news is that many states have already weighed in with ethics opinions and each has generally decided that lawyers may use the cloud as long as they exercise a reasonable standard of care. In addition, although the ABA has not formed a model rule specifically around practice management in the cloud, Rule 1.1 Comment 8 advises: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”

So, what should you be focusing on when considering using a practice management system to manage your firm and store data in the cloud? In short, you need to familiarize yourself with the ethical rules, select a reputable provider and do your due diligence.

What country is the provider based in?

Ideally, if your firm is in the United States, your provider should be located there too. This is important for two reasons. You’ll want to be able to reach them on a convenient and predictable schedule, should you need to resolve an issue promptly. You’ll also want to make sure their servers are located in the United States as well. If not, you’re taking a chance regarding data security and possible outcomes in the event of an adverse situation.

What is the reputation of the company within the legal community?

Online reviews, word of mouth, referrals and personal research all have a part in the selection process. The bottom line is the software must do what you need it to do, but the quality and longevity of the provider must be among the strongest considerations. A good directory to check out is Capterra’s law practice management (and other categories of software) and GetApp.

Who actually owns your firm’s data?

A reputable company will make it clear that the user retains complete ownership of their data at all times. The provider should not be able to aquire any rights to the law firm’s property, at any time. In the event of a third party inquiry into that data, the provider should be obligated to notify you promptly, unless specifically prohibited by law.

How can I control access to my firm’s data?

What happens if I elect to share certain files and documents with a client via a portal? Will they be able to see other pertinent information related to the matter that I choose not to share? What about different levels of employees that need different levels of access to billing, financial reporting, and matter related information? What happens if I utilize outside counsel, who needs to collaborate on certain elements of a case?

In short, you should select a provider with a robust role-based access system in place. Role-based access control helps customize access levels for all your users by type and prevents unauthorized disclosure of your firm’s and clients private data.

What are the payment terms and data control related to ending the relationship?

Make sure you’re clear on the payment terms, as well as what can happen in the event of nonpayment. Will the company then own and possibly destroy that data? If the need arises, how will the company handle the termination of the relationship, both in times of compliance and non-compliance? The terms of service for a reputable provider should set your mind at ease regarding these issues and make it clear exactly what the payment terms are.

There are additional considerations. Fortunately, the Legal Cloud Computing Association has developed a comprehensive set of provider standards designed exclusively for the legal industry. These standards address many different considerations, from physical location of the company and it’s servers, to encryption and disaster recovery.

While there are no absolutes when handling invaluable client data, attorneys should feel confident that the cloud can be an excellent choice for all their practice management needs. The popularity of some of the most reputable providers should help demonstrate the benefits of convenience, security and greatly enhanced accessibility that have made the cloud a permanent part of so many practices.